Publications

A guide to the General Data Protection Regulation [Updated for 2019]

For in-house lawyers, Data Protection Officers, and specialists in compliance and privacy protection

Share this

17 September 2019

On 4 May 2016, the text of the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union, concluding over four years of intensive legislative work on a new data protection legal framework for Europe.

The GDPR became effective on 25 May 2018 when it replaced the existing EC Data Protection Directive (EC/95/46) (Directive), bringing new legal rights for individuals, extending the scope of responsibilities for data controllers and processors and enhancing the regime for enforcement to include the risk of fines at up to 4% of an organisation's worldwide annual turnover.

DLA Piper have designed this Guide to provide in-house lawyers, Data Protection Officers and others dealing with privacy compliance issues on a day-to-day basis with an easy-reference manual to the GDPR.

The Guide presents an outline of each section of the GDPR, highlighting the key areas of reform and giving practical pointers about the tasks to take to support compliance, in six sections:

Key facts about the GDPR Scope

Fair processing and individual rights

Accountability within the organisation

Managing external flows of data

Working with supervisory authorities

For ease of reference, headings within each section in the Guide are colour coded to show the degree of change from the previous regulatory regime: